ruby-saml 0.8.12

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of ruby-saml might be problematic. Click here for more details.

Files changed (70) hide show
  1. checksums.yaml +7 -0
  2. data/.document +5 -0
  3. data/.gitignore +12 -0
  4. data/.travis.yml +11 -0
  5. data/Gemfile +37 -0
  6. data/LICENSE +19 -0
  7. data/README.md +160 -0
  8. data/Rakefile +27 -0
  9. data/changelog.md +24 -0
  10. data/lib/onelogin/ruby-saml/attributes.rb +147 -0
  11. data/lib/onelogin/ruby-saml/authrequest.rb +168 -0
  12. data/lib/onelogin/ruby-saml/logging.rb +26 -0
  13. data/lib/onelogin/ruby-saml/logoutrequest.rb +161 -0
  14. data/lib/onelogin/ruby-saml/logoutresponse.rb +153 -0
  15. data/lib/onelogin/ruby-saml/metadata.rb +66 -0
  16. data/lib/onelogin/ruby-saml/response.rb +426 -0
  17. data/lib/onelogin/ruby-saml/setting_error.rb +6 -0
  18. data/lib/onelogin/ruby-saml/settings.rb +166 -0
  19. data/lib/onelogin/ruby-saml/slo_logoutresponse.rb +158 -0
  20. data/lib/onelogin/ruby-saml/utils.rb +119 -0
  21. data/lib/onelogin/ruby-saml/validation_error.rb +7 -0
  22. data/lib/onelogin/ruby-saml/version.rb +5 -0
  23. data/lib/ruby-saml.rb +12 -0
  24. data/lib/schemas/saml20assertion_schema.xsd +283 -0
  25. data/lib/schemas/saml20protocol_schema.xsd +302 -0
  26. data/lib/schemas/xenc_schema.xsd +146 -0
  27. data/lib/schemas/xmldsig_schema.xsd +318 -0
  28. data/lib/xml_security.rb +292 -0
  29. data/ruby-saml.gemspec +28 -0
  30. data/test/certificates/certificate1 +12 -0
  31. data/test/certificates/r1_certificate2_base64 +1 -0
  32. data/test/certificates/ruby-saml.crt +14 -0
  33. data/test/certificates/ruby-saml.key +15 -0
  34. data/test/logoutrequest_test.rb +244 -0
  35. data/test/logoutresponse_test.rb +112 -0
  36. data/test/request_test.rb +229 -0
  37. data/test/response_test.rb +475 -0
  38. data/test/responses/adfs_response_sha1.xml +46 -0
  39. data/test/responses/adfs_response_sha256.xml +46 -0
  40. data/test/responses/adfs_response_sha384.xml +46 -0
  41. data/test/responses/adfs_response_sha512.xml +46 -0
  42. data/test/responses/encrypted_new_attack.xml.base64 +1 -0
  43. data/test/responses/logoutresponse_fixtures.rb +67 -0
  44. data/test/responses/no_signature_ns.xml +48 -0
  45. data/test/responses/open_saml_response.xml +56 -0
  46. data/test/responses/r1_response6.xml.base64 +1 -0
  47. data/test/responses/response1.xml.base64 +1 -0
  48. data/test/responses/response2.xml.base64 +79 -0
  49. data/test/responses/response3.xml.base64 +66 -0
  50. data/test/responses/response4.xml.base64 +93 -0
  51. data/test/responses/response5.xml.base64 +102 -0
  52. data/test/responses/response_eval.xml +7 -0
  53. data/test/responses/response_node_text_attack.xml.base64 +1 -0
  54. data/test/responses/response_with_ampersands.xml +139 -0
  55. data/test/responses/response_with_ampersands.xml.base64 +93 -0
  56. data/test/responses/response_with_concealed_signed_assertion.xml +51 -0
  57. data/test/responses/response_with_doubled_signed_assertion.xml +49 -0
  58. data/test/responses/response_with_multiple_attribute_statements.xml +72 -0
  59. data/test/responses/response_with_multiple_attribute_values.xml +67 -0
  60. data/test/responses/response_wrapped.xml.base64 +150 -0
  61. data/test/responses/simple_saml_php.xml +71 -0
  62. data/test/responses/starfield_response.xml.base64 +1 -0
  63. data/test/responses/valid_response.xml.base64 +1 -0
  64. data/test/responses/wrapped_response_2.xml.base64 +150 -0
  65. data/test/settings_test.rb +47 -0
  66. data/test/slo_logoutresponse_test.rb +226 -0
  67. data/test/test_helper.rb +155 -0
  68. data/test/utils_test.rb +41 -0
  69. data/test/xml_security_test.rb +158 -0
  70. metadata +178 -0
@@ -0,0 +1,7 @@
1
+ module OneLogin
2
+ module RubySaml
3
+ class ValidationError < StandardError
4
+ end
5
+ end
6
+ end
7
+
@@ -0,0 +1,5 @@
1
+ module OneLogin
2
+ module RubySaml
3
+ VERSION = '0.8.12'
4
+ end
5
+ end
@@ -0,0 +1,12 @@
1
+ require 'onelogin/ruby-saml/logging'
2
+ require 'onelogin/ruby-saml/authrequest'
3
+ require 'onelogin/ruby-saml/logoutrequest'
4
+ require 'onelogin/ruby-saml/logoutresponse'
5
+ require 'onelogin/ruby-saml/slo_logoutresponse'
6
+ require 'onelogin/ruby-saml/response'
7
+ require 'onelogin/ruby-saml/settings'
8
+ require 'onelogin/ruby-saml/utils'
9
+ require 'onelogin/ruby-saml/validation_error'
10
+ require 'onelogin/ruby-saml/metadata'
11
+ require 'onelogin/ruby-saml/version'
12
+ require 'onelogin/ruby-saml/attributes'
@@ -0,0 +1,283 @@
1
+ <?xml version="1.0" encoding="US-ASCII"?>
2
+ <schema
3
+ targetNamespace="urn:oasis:names:tc:SAML:2.0:assertion"
4
+ xmlns="http://www.w3.org/2001/XMLSchema"
5
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
6
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
7
+ xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
8
+ elementFormDefault="unqualified"
9
+ attributeFormDefault="unqualified"
10
+ blockDefault="substitution"
11
+ version="2.0">
12
+ <import namespace="http://www.w3.org/2000/09/xmldsig#"
13
+ schemaLocation="xmldsig_schema.xsd"/>
14
+ <import namespace="http://www.w3.org/2001/04/xmlenc#"
15
+ schemaLocation="xenc_schema.xsd"/>
16
+ <annotation>
17
+ <documentation>
18
+ Document identifier: saml-schema-assertion-2.0
19
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
20
+ Revision history:
21
+ V1.0 (November, 2002):
22
+ Initial Standard Schema.
23
+ V1.1 (September, 2003):
24
+ Updates within the same V1.0 namespace.
25
+ V2.0 (March, 2005):
26
+ New assertion schema for SAML V2.0 namespace.
27
+ </documentation>
28
+ </annotation>
29
+ <attributeGroup name="IDNameQualifiers">
30
+ <attribute name="NameQualifier" type="string" use="optional"/>
31
+ <attribute name="SPNameQualifier" type="string" use="optional"/>
32
+ </attributeGroup>
33
+ <element name="BaseID" type="saml:BaseIDAbstractType"/>
34
+ <complexType name="BaseIDAbstractType" abstract="true">
35
+ <attributeGroup ref="saml:IDNameQualifiers"/>
36
+ </complexType>
37
+ <element name="NameID" type="saml:NameIDType"/>
38
+ <complexType name="NameIDType">
39
+ <simpleContent>
40
+ <extension base="string">
41
+ <attributeGroup ref="saml:IDNameQualifiers"/>
42
+ <attribute name="Format" type="anyURI" use="optional"/>
43
+ <attribute name="SPProvidedID" type="string" use="optional"/>
44
+ </extension>
45
+ </simpleContent>
46
+ </complexType>
47
+ <complexType name="EncryptedElementType">
48
+ <sequence>
49
+ <element ref="xenc:EncryptedData"/>
50
+ <element ref="xenc:EncryptedKey" minOccurs="0" maxOccurs="unbounded"/>
51
+ </sequence>
52
+ </complexType>
53
+ <element name="EncryptedID" type="saml:EncryptedElementType"/>
54
+ <element name="Issuer" type="saml:NameIDType"/>
55
+ <element name="AssertionIDRef" type="NCName"/>
56
+ <element name="AssertionURIRef" type="anyURI"/>
57
+ <element name="Assertion" type="saml:AssertionType"/>
58
+ <complexType name="AssertionType">
59
+ <sequence>
60
+ <element ref="saml:Issuer"/>
61
+ <element ref="ds:Signature" minOccurs="0"/>
62
+ <element ref="saml:Subject" minOccurs="0"/>
63
+ <element ref="saml:Conditions" minOccurs="0"/>
64
+ <element ref="saml:Advice" minOccurs="0"/>
65
+ <choice minOccurs="0" maxOccurs="unbounded">
66
+ <element ref="saml:Statement"/>
67
+ <element ref="saml:AuthnStatement"/>
68
+ <element ref="saml:AuthzDecisionStatement"/>
69
+ <element ref="saml:AttributeStatement"/>
70
+ </choice>
71
+ </sequence>
72
+ <attribute name="Version" type="string" use="required"/>
73
+ <attribute name="ID" type="ID" use="required"/>
74
+ <attribute name="IssueInstant" type="dateTime" use="required"/>
75
+ </complexType>
76
+ <element name="Subject" type="saml:SubjectType"/>
77
+ <complexType name="SubjectType">
78
+ <choice>
79
+ <sequence>
80
+ <choice>
81
+ <element ref="saml:BaseID"/>
82
+ <element ref="saml:NameID"/>
83
+ <element ref="saml:EncryptedID"/>
84
+ </choice>
85
+ <element ref="saml:SubjectConfirmation" minOccurs="0" maxOccurs="unbounded"/>
86
+ </sequence>
87
+ <element ref="saml:SubjectConfirmation" maxOccurs="unbounded"/>
88
+ </choice>
89
+ </complexType>
90
+ <element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>
91
+ <complexType name="SubjectConfirmationType">
92
+ <sequence>
93
+ <choice minOccurs="0">
94
+ <element ref="saml:BaseID"/>
95
+ <element ref="saml:NameID"/>
96
+ <element ref="saml:EncryptedID"/>
97
+ </choice>
98
+ <element ref="saml:SubjectConfirmationData" minOccurs="0"/>
99
+ </sequence>
100
+ <attribute name="Method" type="anyURI" use="required"/>
101
+ </complexType>
102
+ <element name="SubjectConfirmationData" type="saml:SubjectConfirmationDataType"/>
103
+ <complexType name="SubjectConfirmationDataType" mixed="true">
104
+ <complexContent>
105
+ <restriction base="anyType">
106
+ <sequence>
107
+ <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
108
+ </sequence>
109
+ <attribute name="NotBefore" type="dateTime" use="optional"/>
110
+ <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
111
+ <attribute name="Recipient" type="anyURI" use="optional"/>
112
+ <attribute name="InResponseTo" type="NCName" use="optional"/>
113
+ <attribute name="Address" type="string" use="optional"/>
114
+ <anyAttribute namespace="##other" processContents="lax"/>
115
+ </restriction>
116
+ </complexContent>
117
+ </complexType>
118
+ <complexType name="KeyInfoConfirmationDataType" mixed="false">
119
+ <complexContent>
120
+ <restriction base="saml:SubjectConfirmationDataType">
121
+ <sequence>
122
+ <element ref="ds:KeyInfo" maxOccurs="unbounded"/>
123
+ </sequence>
124
+ </restriction>
125
+ </complexContent>
126
+ </complexType>
127
+ <element name="Conditions" type="saml:ConditionsType"/>
128
+ <complexType name="ConditionsType">
129
+ <choice minOccurs="0" maxOccurs="unbounded">
130
+ <element ref="saml:Condition"/>
131
+ <element ref="saml:AudienceRestriction"/>
132
+ <element ref="saml:OneTimeUse"/>
133
+ <element ref="saml:ProxyRestriction"/>
134
+ </choice>
135
+ <attribute name="NotBefore" type="dateTime" use="optional"/>
136
+ <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
137
+ </complexType>
138
+ <element name="Condition" type="saml:ConditionAbstractType"/>
139
+ <complexType name="ConditionAbstractType" abstract="true"/>
140
+ <element name="AudienceRestriction" type="saml:AudienceRestrictionType"/>
141
+ <complexType name="AudienceRestrictionType">
142
+ <complexContent>
143
+ <extension base="saml:ConditionAbstractType">
144
+ <sequence>
145
+ <element ref="saml:Audience" maxOccurs="unbounded"/>
146
+ </sequence>
147
+ </extension>
148
+ </complexContent>
149
+ </complexType>
150
+ <element name="Audience" type="anyURI"/>
151
+ <element name="OneTimeUse" type="saml:OneTimeUseType" />
152
+ <complexType name="OneTimeUseType">
153
+ <complexContent>
154
+ <extension base="saml:ConditionAbstractType"/>
155
+ </complexContent>
156
+ </complexType>
157
+ <element name="ProxyRestriction" type="saml:ProxyRestrictionType"/>
158
+ <complexType name="ProxyRestrictionType">
159
+ <complexContent>
160
+ <extension base="saml:ConditionAbstractType">
161
+ <sequence>
162
+ <element ref="saml:Audience" minOccurs="0" maxOccurs="unbounded"/>
163
+ </sequence>
164
+ <attribute name="Count" type="nonNegativeInteger" use="optional"/>
165
+ </extension>
166
+ </complexContent>
167
+ </complexType>
168
+ <element name="Advice" type="saml:AdviceType"/>
169
+ <complexType name="AdviceType">
170
+ <choice minOccurs="0" maxOccurs="unbounded">
171
+ <element ref="saml:AssertionIDRef"/>
172
+ <element ref="saml:AssertionURIRef"/>
173
+ <element ref="saml:Assertion"/>
174
+ <element ref="saml:EncryptedAssertion"/>
175
+ <any namespace="##other" processContents="lax"/>
176
+ </choice>
177
+ </complexType>
178
+ <element name="EncryptedAssertion" type="saml:EncryptedElementType"/>
179
+ <element name="Statement" type="saml:StatementAbstractType"/>
180
+ <complexType name="StatementAbstractType" abstract="true"/>
181
+ <element name="AuthnStatement" type="saml:AuthnStatementType"/>
182
+ <complexType name="AuthnStatementType">
183
+ <complexContent>
184
+ <extension base="saml:StatementAbstractType">
185
+ <sequence>
186
+ <element ref="saml:SubjectLocality" minOccurs="0"/>
187
+ <element ref="saml:AuthnContext"/>
188
+ </sequence>
189
+ <attribute name="AuthnInstant" type="dateTime" use="required"/>
190
+ <attribute name="SessionIndex" type="string" use="optional"/>
191
+ <attribute name="SessionNotOnOrAfter" type="dateTime" use="optional"/>
192
+ </extension>
193
+ </complexContent>
194
+ </complexType>
195
+ <element name="SubjectLocality" type="saml:SubjectLocalityType"/>
196
+ <complexType name="SubjectLocalityType">
197
+ <attribute name="Address" type="string" use="optional"/>
198
+ <attribute name="DNSName" type="string" use="optional"/>
199
+ </complexType>
200
+ <element name="AuthnContext" type="saml:AuthnContextType"/>
201
+ <complexType name="AuthnContextType">
202
+ <sequence>
203
+ <choice>
204
+ <sequence>
205
+ <element ref="saml:AuthnContextClassRef"/>
206
+ <choice minOccurs="0">
207
+ <element ref="saml:AuthnContextDecl"/>
208
+ <element ref="saml:AuthnContextDeclRef"/>
209
+ </choice>
210
+ </sequence>
211
+ <choice>
212
+ <element ref="saml:AuthnContextDecl"/>
213
+ <element ref="saml:AuthnContextDeclRef"/>
214
+ </choice>
215
+ </choice>
216
+ <element ref="saml:AuthenticatingAuthority" minOccurs="0" maxOccurs="unbounded"/>
217
+ </sequence>
218
+ </complexType>
219
+ <element name="AuthnContextClassRef" type="anyURI"/>
220
+ <element name="AuthnContextDeclRef" type="anyURI"/>
221
+ <element name="AuthnContextDecl" type="anyType"/>
222
+ <element name="AuthenticatingAuthority" type="anyURI"/>
223
+ <element name="AuthzDecisionStatement" type="saml:AuthzDecisionStatementType"/>
224
+ <complexType name="AuthzDecisionStatementType">
225
+ <complexContent>
226
+ <extension base="saml:StatementAbstractType">
227
+ <sequence>
228
+ <element ref="saml:Action" maxOccurs="unbounded"/>
229
+ <element ref="saml:Evidence" minOccurs="0"/>
230
+ </sequence>
231
+ <attribute name="Resource" type="anyURI" use="required"/>
232
+ <attribute name="Decision" type="saml:DecisionType" use="required"/>
233
+ </extension>
234
+ </complexContent>
235
+ </complexType>
236
+ <simpleType name="DecisionType">
237
+ <restriction base="string">
238
+ <enumeration value="Permit"/>
239
+ <enumeration value="Deny"/>
240
+ <enumeration value="Indeterminate"/>
241
+ </restriction>
242
+ </simpleType>
243
+ <element name="Action" type="saml:ActionType"/>
244
+ <complexType name="ActionType">
245
+ <simpleContent>
246
+ <extension base="string">
247
+ <attribute name="Namespace" type="anyURI" use="required"/>
248
+ </extension>
249
+ </simpleContent>
250
+ </complexType>
251
+ <element name="Evidence" type="saml:EvidenceType"/>
252
+ <complexType name="EvidenceType">
253
+ <choice maxOccurs="unbounded">
254
+ <element ref="saml:AssertionIDRef"/>
255
+ <element ref="saml:AssertionURIRef"/>
256
+ <element ref="saml:Assertion"/>
257
+ <element ref="saml:EncryptedAssertion"/>
258
+ </choice>
259
+ </complexType>
260
+ <element name="AttributeStatement" type="saml:AttributeStatementType"/>
261
+ <complexType name="AttributeStatementType">
262
+ <complexContent>
263
+ <extension base="saml:StatementAbstractType">
264
+ <choice maxOccurs="unbounded">
265
+ <element ref="saml:Attribute"/>
266
+ <element ref="saml:EncryptedAttribute"/>
267
+ </choice>
268
+ </extension>
269
+ </complexContent>
270
+ </complexType>
271
+ <element name="Attribute" type="saml:AttributeType"/>
272
+ <complexType name="AttributeType">
273
+ <sequence>
274
+ <element ref="saml:AttributeValue" minOccurs="0" maxOccurs="unbounded"/>
275
+ </sequence>
276
+ <attribute name="Name" type="string" use="required"/>
277
+ <attribute name="NameFormat" type="anyURI" use="optional"/>
278
+ <attribute name="FriendlyName" type="string" use="optional"/>
279
+ <anyAttribute namespace="##other" processContents="lax"/>
280
+ </complexType>
281
+ <element name="AttributeValue" type="anyType" nillable="true"/>
282
+ <element name="EncryptedAttribute" type="saml:EncryptedElementType"/>
283
+ </schema>
@@ -0,0 +1,302 @@
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
+ <schema
3
+ targetNamespace="urn:oasis:names:tc:SAML:2.0:protocol"
4
+ xmlns="http://www.w3.org/2001/XMLSchema"
5
+ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
6
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
7
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
8
+ elementFormDefault="unqualified"
9
+ attributeFormDefault="unqualified"
10
+ blockDefault="substitution"
11
+ version="2.0">
12
+ <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
13
+ schemaLocation="saml20assertion_schema.xsd"/>
14
+ <import namespace="http://www.w3.org/2000/09/xmldsig#"
15
+ schemaLocation="xmldsig_schema.xsd"/>
16
+ <annotation>
17
+ <documentation>
18
+ Document identifier: saml-schema-protocol-2.0
19
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
20
+ Revision history:
21
+ V1.0 (November, 2002):
22
+ Initial Standard Schema.
23
+ V1.1 (September, 2003):
24
+ Updates within the same V1.0 namespace.
25
+ V2.0 (March, 2005):
26
+ New protocol schema based in a SAML V2.0 namespace.
27
+ </documentation>
28
+ </annotation>
29
+ <complexType name="RequestAbstractType" abstract="true">
30
+ <sequence>
31
+ <element ref="saml:Issuer" minOccurs="0"/>
32
+ <element ref="ds:Signature" minOccurs="0"/>
33
+ <element ref="samlp:Extensions" minOccurs="0"/>
34
+ </sequence>
35
+ <attribute name="ID" type="ID" use="required"/>
36
+ <attribute name="Version" type="string" use="required"/>
37
+ <attribute name="IssueInstant" type="dateTime" use="required"/>
38
+ <attribute name="Destination" type="anyURI" use="optional"/>
39
+ <attribute name="Consent" type="anyURI" use="optional"/>
40
+ </complexType>
41
+ <element name="Extensions" type="samlp:ExtensionsType"/>
42
+ <complexType name="ExtensionsType">
43
+ <sequence>
44
+ <any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
45
+ </sequence>
46
+ </complexType>
47
+ <complexType name="StatusResponseType">
48
+ <sequence>
49
+ <element ref="saml:Issuer" minOccurs="0"/>
50
+ <element ref="ds:Signature" minOccurs="0"/>
51
+ <element ref="samlp:Extensions" minOccurs="0"/>
52
+ <element ref="samlp:Status"/>
53
+ </sequence>
54
+ <attribute name="ID" type="ID" use="required"/>
55
+ <attribute name="InResponseTo" type="NCName" use="optional"/>
56
+ <attribute name="Version" type="string" use="required"/>
57
+ <attribute name="IssueInstant" type="dateTime" use="required"/>
58
+ <attribute name="Destination" type="anyURI" use="optional"/>
59
+ <attribute name="Consent" type="anyURI" use="optional"/>
60
+ </complexType>
61
+ <element name="Status" type="samlp:StatusType"/>
62
+ <complexType name="StatusType">
63
+ <sequence>
64
+ <element ref="samlp:StatusCode"/>
65
+ <element ref="samlp:StatusMessage" minOccurs="0"/>
66
+ <element ref="samlp:StatusDetail" minOccurs="0"/>
67
+ </sequence>
68
+ </complexType>
69
+ <element name="StatusCode" type="samlp:StatusCodeType"/>
70
+ <complexType name="StatusCodeType">
71
+ <sequence>
72
+ <element ref="samlp:StatusCode" minOccurs="0"/>
73
+ </sequence>
74
+ <attribute name="Value" type="anyURI" use="required"/>
75
+ </complexType>
76
+ <element name="StatusMessage" type="string"/>
77
+ <element name="StatusDetail" type="samlp:StatusDetailType"/>
78
+ <complexType name="StatusDetailType">
79
+ <sequence>
80
+ <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
81
+ </sequence>
82
+ </complexType>
83
+ <element name="AssertionIDRequest" type="samlp:AssertionIDRequestType"/>
84
+ <complexType name="AssertionIDRequestType">
85
+ <complexContent>
86
+ <extension base="samlp:RequestAbstractType">
87
+ <sequence>
88
+ <element ref="saml:AssertionIDRef" maxOccurs="unbounded"/>
89
+ </sequence>
90
+ </extension>
91
+ </complexContent>
92
+ </complexType>
93
+ <element name="SubjectQuery" type="samlp:SubjectQueryAbstractType"/>
94
+ <complexType name="SubjectQueryAbstractType" abstract="true">
95
+ <complexContent>
96
+ <extension base="samlp:RequestAbstractType">
97
+ <sequence>
98
+ <element ref="saml:Subject"/>
99
+ </sequence>
100
+ </extension>
101
+ </complexContent>
102
+ </complexType>
103
+ <element name="AuthnQuery" type="samlp:AuthnQueryType"/>
104
+ <complexType name="AuthnQueryType">
105
+ <complexContent>
106
+ <extension base="samlp:SubjectQueryAbstractType">
107
+ <sequence>
108
+ <element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
109
+ </sequence>
110
+ <attribute name="SessionIndex" type="string" use="optional"/>
111
+ </extension>
112
+ </complexContent>
113
+ </complexType>
114
+ <element name="RequestedAuthnContext" type="samlp:RequestedAuthnContextType"/>
115
+ <complexType name="RequestedAuthnContextType">
116
+ <choice>
117
+ <element ref="saml:AuthnContextClassRef" maxOccurs="unbounded"/>
118
+ <element ref="saml:AuthnContextDeclRef" maxOccurs="unbounded"/>
119
+ </choice>
120
+ <attribute name="Comparison" type="samlp:AuthnContextComparisonType" use="optional"/>
121
+ </complexType>
122
+ <simpleType name="AuthnContextComparisonType">
123
+ <restriction base="string">
124
+ <enumeration value="exact"/>
125
+ <enumeration value="minimum"/>
126
+ <enumeration value="maximum"/>
127
+ <enumeration value="better"/>
128
+ </restriction>
129
+ </simpleType>
130
+ <element name="AttributeQuery" type="samlp:AttributeQueryType"/>
131
+ <complexType name="AttributeQueryType">
132
+ <complexContent>
133
+ <extension base="samlp:SubjectQueryAbstractType">
134
+ <sequence>
135
+ <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
136
+ </sequence>
137
+ </extension>
138
+ </complexContent>
139
+ </complexType>
140
+ <element name="AuthzDecisionQuery" type="samlp:AuthzDecisionQueryType"/>
141
+ <complexType name="AuthzDecisionQueryType">
142
+ <complexContent>
143
+ <extension base="samlp:SubjectQueryAbstractType">
144
+ <sequence>
145
+ <element ref="saml:Action" maxOccurs="unbounded"/>
146
+ <element ref="saml:Evidence" minOccurs="0"/>
147
+ </sequence>
148
+ <attribute name="Resource" type="anyURI" use="required"/>
149
+ </extension>
150
+ </complexContent>
151
+ </complexType>
152
+ <element name="AuthnRequest" type="samlp:AuthnRequestType"/>
153
+ <complexType name="AuthnRequestType">
154
+ <complexContent>
155
+ <extension base="samlp:RequestAbstractType">
156
+ <sequence>
157
+ <element ref="saml:Subject" minOccurs="0"/>
158
+ <element ref="samlp:NameIDPolicy" minOccurs="0"/>
159
+ <element ref="saml:Conditions" minOccurs="0"/>
160
+ <element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
161
+ <element ref="samlp:Scoping" minOccurs="0"/>
162
+ </sequence>
163
+ <attribute name="ForceAuthn" type="boolean" use="optional"/>
164
+ <attribute name="IsPassive" type="boolean" use="optional"/>
165
+ <attribute name="ProtocolBinding" type="anyURI" use="optional"/>
166
+ <attribute name="AssertionConsumerServiceIndex" type="unsignedShort" use="optional"/>
167
+ <attribute name="AssertionConsumerServiceURL" type="anyURI" use="optional"/>
168
+ <attribute name="AttributeConsumingServiceIndex" type="unsignedShort" use="optional"/>
169
+ <attribute name="ProviderName" type="string" use="optional"/>
170
+ </extension>
171
+ </complexContent>
172
+ </complexType>
173
+ <element name="NameIDPolicy" type="samlp:NameIDPolicyType"/>
174
+ <complexType name="NameIDPolicyType">
175
+ <attribute name="Format" type="anyURI" use="optional"/>
176
+ <attribute name="SPNameQualifier" type="string" use="optional"/>
177
+ <attribute name="AllowCreate" type="boolean" use="optional"/>
178
+ </complexType>
179
+ <element name="Scoping" type="samlp:ScopingType"/>
180
+ <complexType name="ScopingType">
181
+ <sequence>
182
+ <element ref="samlp:IDPList" minOccurs="0"/>
183
+ <element ref="samlp:RequesterID" minOccurs="0" maxOccurs="unbounded"/>
184
+ </sequence>
185
+ <attribute name="ProxyCount" type="nonNegativeInteger" use="optional"/>
186
+ </complexType>
187
+ <element name="RequesterID" type="anyURI"/>
188
+ <element name="IDPList" type="samlp:IDPListType"/>
189
+ <complexType name="IDPListType">
190
+ <sequence>
191
+ <element ref="samlp:IDPEntry" maxOccurs="unbounded"/>
192
+ <element ref="samlp:GetComplete" minOccurs="0"/>
193
+ </sequence>
194
+ </complexType>
195
+ <element name="IDPEntry" type="samlp:IDPEntryType"/>
196
+ <complexType name="IDPEntryType">
197
+ <attribute name="ProviderID" type="anyURI" use="required"/>
198
+ <attribute name="Name" type="string" use="optional"/>
199
+ <attribute name="Loc" type="anyURI" use="optional"/>
200
+ </complexType>
201
+ <element name="GetComplete" type="anyURI"/>
202
+ <element name="Response" type="samlp:ResponseType"/>
203
+ <complexType name="ResponseType">
204
+ <complexContent>
205
+ <extension base="samlp:StatusResponseType">
206
+ <choice minOccurs="0" maxOccurs="unbounded">
207
+ <element ref="saml:Assertion"/>
208
+ <element ref="saml:EncryptedAssertion"/>
209
+ </choice>
210
+ </extension>
211
+ </complexContent>
212
+ </complexType>
213
+ <element name="ArtifactResolve" type="samlp:ArtifactResolveType"/>
214
+ <complexType name="ArtifactResolveType">
215
+ <complexContent>
216
+ <extension base="samlp:RequestAbstractType">
217
+ <sequence>
218
+ <element ref="samlp:Artifact"/>
219
+ </sequence>
220
+ </extension>
221
+ </complexContent>
222
+ </complexType>
223
+ <element name="Artifact" type="string"/>
224
+ <element name="ArtifactResponse" type="samlp:ArtifactResponseType"/>
225
+ <complexType name="ArtifactResponseType">
226
+ <complexContent>
227
+ <extension base="samlp:StatusResponseType">
228
+ <sequence>
229
+ <any namespace="##any" processContents="lax" minOccurs="0"/>
230
+ </sequence>
231
+ </extension>
232
+ </complexContent>
233
+ </complexType>
234
+ <element name="ManageNameIDRequest" type="samlp:ManageNameIDRequestType"/>
235
+ <complexType name="ManageNameIDRequestType">
236
+ <complexContent>
237
+ <extension base="samlp:RequestAbstractType">
238
+ <sequence>
239
+ <choice>
240
+ <element ref="saml:NameID"/>
241
+ <element ref="saml:EncryptedID"/>
242
+ </choice>
243
+ <choice>
244
+ <element ref="samlp:NewID"/>
245
+ <element ref="samlp:NewEncryptedID"/>
246
+ <element ref="samlp:Terminate"/>
247
+ </choice>
248
+ </sequence>
249
+ </extension>
250
+ </complexContent>
251
+ </complexType>
252
+ <element name="NewID" type="string"/>
253
+ <element name="NewEncryptedID" type="saml:EncryptedElementType"/>
254
+ <element name="Terminate" type="samlp:TerminateType"/>
255
+ <complexType name="TerminateType"/>
256
+ <element name="ManageNameIDResponse" type="samlp:StatusResponseType"/>
257
+ <element name="LogoutRequest" type="samlp:LogoutRequestType"/>
258
+ <complexType name="LogoutRequestType">
259
+ <complexContent>
260
+ <extension base="samlp:RequestAbstractType">
261
+ <sequence>
262
+ <choice>
263
+ <element ref="saml:BaseID"/>
264
+ <element ref="saml:NameID"/>
265
+ <element ref="saml:EncryptedID"/>
266
+ </choice>
267
+ <element ref="samlp:SessionIndex" minOccurs="0" maxOccurs="unbounded"/>
268
+ </sequence>
269
+ <attribute name="Reason" type="string" use="optional"/>
270
+ <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
271
+ </extension>
272
+ </complexContent>
273
+ </complexType>
274
+ <element name="SessionIndex" type="string"/>
275
+ <element name="LogoutResponse" type="samlp:StatusResponseType"/>
276
+ <element name="NameIDMappingRequest" type="samlp:NameIDMappingRequestType"/>
277
+ <complexType name="NameIDMappingRequestType">
278
+ <complexContent>
279
+ <extension base="samlp:RequestAbstractType">
280
+ <sequence>
281
+ <choice>
282
+ <element ref="saml:BaseID"/>
283
+ <element ref="saml:NameID"/>
284
+ <element ref="saml:EncryptedID"/>
285
+ </choice>
286
+ <element ref="samlp:NameIDPolicy"/>
287
+ </sequence>
288
+ </extension>
289
+ </complexContent>
290
+ </complexType>
291
+ <element name="NameIDMappingResponse" type="samlp:NameIDMappingResponseType"/>
292
+ <complexType name="NameIDMappingResponseType">
293
+ <complexContent>
294
+ <extension base="samlp:StatusResponseType">
295
+ <choice>
296
+ <element ref="saml:NameID"/>
297
+ <element ref="saml:EncryptedID"/>
298
+ </choice>
299
+ </extension>
300
+ </complexContent>
301
+ </complexType>
302
+ </schema>